HI, This is my first mail to this mailing list.I want to block external usb storage completly on my server running on centos 5 having confidiential data. For that i used udev and blocked the external usb storage by creating the udev rule mentioning any usb storage will get mounted to /dev/null so that users cant mount as well. But in the mean time i am getting below logs in my /var/log/messages file when i insert any usb storage device. ###################################################### May 23 12:24:02 localhost kernel: usb 1-4: new high speed USB device using ehci_hcd and address 4 May 23 12:24:02 localhost kernel: usb 1-4: configuration #1 chosen from 1 choice May 23 12:24:02 localhost kernel: scsi3 : SCSI emulation for USB Mass Storage devices May 23 12:24:07 localhost kernel: scsi 3:0:0:0: Direct-Access USB Flash Disk 1100 PQ: 0 ANSI: 0 CCS May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] 1981440 512-byte hardware sectors (1014 MB) May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Write Protect is off May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Assuming drive cache: write through May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] 1981440 512-byte hardware sectors (1014 MB) May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Write Protect is off May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Assuming drive cache: write through May 23 12:24:07 localhost kernel: sdb: sdb1 May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Attached SCSI removable disk May 23 12:24:07 localhost kernel: sd 3:0:0:0: Attached scsi generic sg2 type 0 ############################################## I want to know how device name sdb1[see above log] was allocated and is it possible to block the device node creation,if so wht i can do to block the same in my messages log. Regards lingu -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20080523/ea9a2a0c/attachment-0005.html>
whoami i wrote:> HI, > > This is my first mail to this mailing list.I want to block external > usb storage completly on my server running on centos 5 having > confidiential data. > > For that i used udev and blocked the external usb storage by creating > the udev rule mentioning any usb storage will get mounted to > /dev/null so that users cant mount as well. > > But in the mean time i am getting below logs in my /var/log/messages > file when i insert any usb storage device. > > ###################################################### > May 23 12:24:02 localhost kernel: usb 1-4: new high speed USB device > using ehci_hcd and address 4 > May 23 12:24:02 localhost kernel: usb 1-4: configuration #1 chosen > from 1 choice > May 23 12:24:02 localhost kernel: scsi3 : SCSI emulation for USB Mass > Storage devices > May 23 12:24:07 localhost kernel: scsi 3:0:0:0: Direct-Access > USB Flash Disk 1100 PQ: 0 ANSI: 0 CCS > May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] 1981440 512-byte > hardware sectors (1014 MB) > May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Write Protect is off > May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Assuming drive > cache: write through > May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] 1981440 512-byte > hardware sectors (1014 MB) > May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Write Protect is off > May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Assuming drive > cache: write through > May 23 12:24:07 localhost kernel: sdb: sdb1 > May 23 12:24:07 localhost kernel: sd 3:0:0:0: [sdb] Attached SCSI > removable disk > May 23 12:24:07 localhost kernel: sd 3:0:0:0: Attached scsi generic > sg2 type 0 > ############################################## > > I want to know how device name sdb1[see above log] was allocated > and is it possible to block the device node creation,if so wht i can > do to block the same in my messages log. > > > Regards > lingu > > > ------------------------------------------------------------------------ > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >Why do you want to block? Why not rather disallow users to use the mount command altogether? If it's a server, why do you have normal users accessing it? -- Kind Regards Rudi Ahlers CEO, SoftDux Web: http://www.SoftDux.com Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
On Friday 23 May 2008 14:16:45 whoami i wrote:> This is my first mail to this mailing list.I want to block external usb > storage completly on my server running on centos 5 having confidiential > data.1. unplug any usb storage 2. rmmod ehci_hcd 3. add a line in /etc/modprobe.d/blacklist blacklist ehci_hcd -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 20:50:59 up 1:24, 2.6.22-14-generic GNU/Linux Let's use OpenOffice. http://www.openoffice.org The real challenge of teaching is getting your students motivated to learn. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20080523/b40cf0b1/attachment-0005.sig>
Fajar Priyanto wrote:> On Friday 23 May 2008 14:16:45 whoami i wrote: >> This is my first mail to this mailing list.I want to block external usb >> storage completly on my server running on centos 5 having confidiential >> data. > > 1. unplug any usb storage > 2. rmmod ehci_hcd > 3. add a line in /etc/modprobe.d/blacklist > blacklist ehci_hcdWouldn't that prevent him from using USB as a whole? perhaps a udev rule would play nicely here.
whoami i wrote:> HI, > > This is my first mail to this mailing list.I want to block external > usb storage completly on my server running on centos 5 having > confidiential data.shouldn't this server be in a secure area where noone unauthorized can access its USB ports in the first place?